
*SOLVED*Sign up form problem*SOLVED*

Posted: Mon Apr 05, 2010 12:15 pm
by sirk
I'm trying to create a sort of sign-up page, where employees (who are assumed to have been added to the database already after being employed) need to set up their account for a job logging system on first-time use; basically all they need to do is set their password. I've got most of my code from a tutorial and changed it for my own use. The site can be found here: http://www.homeandlearn.co.uk/php/php14p1.html

Basically I'm having multiple problems, so here's a little list:

1. If the user enters an invalid employee ID but a valid password, it doesn't show the relevant error but takes the user to the page they would be taken to on a successful entry of username and password. Yet if an invalid password is entered as well, the user is told about both of those problems.
2. If the user enters a valid ID and pass, it takes them to the next page but the password hasn't been set in the database. I have checked to make sure that the DB connections are right and I'm pretty sure they are.

I have been looking at this for a few hours now and can't figure out what's wrong. I've done a bit of research and I'm pretty sure that the SQL queries are right, but like PHP I'm fairly new to MySQL as well.

Any help is very much appreciated, and I know it's not the most secure way to add a password etc., but it's literally just a prototype system atm so I'm not too bothered about overloading on security yet.

Well anyway, here is my code, many thanks. Also I'm using XAMPP and MySQL with InnoDB, if that's of any use.

Code:

<?PHP

$EmpID = "";
$EmpPwd = "";
$errorMessage = "";
$num_rows = 0;

function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

	$EmpID = $_POST['EmpID'];
	$EmpPwd = $_POST['EmpPwd'];

	$EmpID = htmlspecialchars($EmpID);
	$EmpPwd = htmlspecialchars($EmpPwd);

	$IDLength = strlen($EmpID);
	$PwdLength = strlen($EmpPwd);

	if ($IDLength = 4) {
		$errorMessage = "";
			} 
		else {
		$errorMessage == $errorMessage . "Employee ID is four charecters long. If you cant remember Employee ID, or have not been given one contact your contracts manager." . "<BR>";
		}

	if ($PwdLength >= 8 && $PwdLength <= 16) {
		$errorMessage = "";
	}
		else {
		$errorMessage = $errorMessage . "Password must be between 8 and 16 characters" . "<BR>";
		}

	if ($errorMessage == "") {

		$host="localhost"; // Host name
 		$username="root"; // Mysql username
		$password="passwrd"; // Mysql password 
		$db_name="JMSystemDB"; // Database name

		$db_handle = mysql_connect($host, $username, $password);
		$db_found = mysql_select_db($db_name, $db_handle);
		

		if ($db_found) {

			$EmpID = quote_smart($EmpID, $db_handle);
			$EmpPwd = quote_smart($EmpPwd, $db_handle);

			$SQL = "SELECT * FROM Employee WHERE EmployeeID = $EmpID";
			$result = mysql_query($SQL);
			$num_rows = mysql_num_rows($result);

				if ($num_rows = 0) {
					$errorMessage = "Invalid Employee ID";
				}
		
				else {

					$SQL = "UPDATE Employee SET SystemPassword = '$EmpPwd' WHERE EmployeeID = '$EmpID'";

					$result = mysql_query($SQL);

					mysql_close($db_handle);

					session_start();
					session_register('EmpID');
					header("location:Jobs.php");
				}
			}
	else {
		$errorMessage = "Database Not Found";
	}
	}
}
?>

<html>
<head>
<title>Basic Login Script</title>
</head>
<body>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="signup.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor=>
<tr>
<td colspan="3">&nbsp;</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="EmpID" type="text" id="EmpID"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="EmpPwd" type="password" id="EmpPwd"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Register" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table></p>
<?PHP print $errorMessage;?>
</body>
</html>

Re: Sign up form problem

Posted: Mon Apr 05, 2010 2:48 pm
by sirk
I've solved both problems now. For anyone struggling with similar problems, here is what was wrong: I had been assigning a value to IDLength like so

Code:

if ($IDLength = 4) {
instead of comparing

Code:

if ($IDLength == 4) {
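
The sign-up flow from this thread with the assignment-versus-comparison mistake avoided, as an added example that is not the original poster's code: errors are accumulated rather than reset, values are bound as parameters instead of quoted by hand, and the password is stored as a hash. The function names and the in-memory SQLite demo data are assumptions; the table and column names come from the post.

```php
<?php
// Added example, not the original poster's code. Function names are hypothetical;
// table and column names (Employee, EmployeeID, SystemPassword) come from the post.

// Collect every validation error instead of resetting the message between checks.
function validate_signup(string $empId, string $pwd): array {
    $errors = [];
    if (strlen($empId) !== 4) {            // comparison (!==), never assignment (=)
        $errors[] = 'Employee ID is four characters long.';
    }
    $len = strlen($pwd);
    if ($len < 8 || $len > 16) {
        $errors[] = 'Password must be between 8 and 16 characters.';
    }
    return $errors;
}

// Returns a list of errors; an empty list means the password was stored.
function set_first_password(PDO $db, string $empId, string $pwd): array {
    $errors = validate_signup($empId, $pwd);
    if ($errors !== []) {
        return $errors;
    }
    // Bound parameters: no manual quoting, so values are never quoted twice.
    $find = $db->prepare('SELECT 1 FROM Employee WHERE EmployeeID = ?');
    $find->execute([$empId]);
    if ($find->fetchColumn() === false) {
        return ['Invalid Employee ID'];
    }
    $upd = $db->prepare('UPDATE Employee SET SystemPassword = ? WHERE EmployeeID = ?');
    $upd->execute([password_hash($pwd, PASSWORD_DEFAULT), $empId]);
    return [];
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite);
// the post used MySQL, for which only the PDO DSN and credentials differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Employee (EmployeeID TEXT PRIMARY KEY, SystemPassword TEXT)');
$db->exec("INSERT INTO Employee (EmployeeID) VALUES ('1001')");

var_dump(set_first_password($db, '1001', 'correct-horse'));  // known ID, valid password
var_dump(set_first_password($db, '9999', 'correct-horse'));  // ID not in the table
var_dump(set_first_password($db, '12', 'short'));            // ID and password both wrong length
```

A later login check compares against the stored value with password_verify(), and the SystemPassword column needs room for the hash (PHP's documentation recommends 255 characters for PASSWORD_DEFAULT).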